View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 22, 2017updated 06 Jul 2022 9:43am

Why Black Friday is on every hacker’s hit list

Before the big day arrives, take a moment to remind yourself of some of the cybersecurity perils that might be lying in wait for you.

By Tom Ball

While you are eagerly etching the Black Friday reminder into your calendar and dreaming of the plunder you will return with from the sales battle, do not forget that the hackers are waiting in anticipation for the deals to begin too.

The chaos makes it a prime time for hackers to strike; they know the red mist has descended upon hordes of internet shoppers, causing them to rush headlong toward bargains with reckless abandon. Torrents of legitimate emails advertising deals will be pouring in, making it all the more easy for a maliciously loaded one to hit its mark.

Because you are about to skip merrily into this minefield with baskets in hand, it seems necessary to brief you on why hackers are excited about Black Friday too. Armed with this knowledge you are likely to make better choices and avoid getting hacked while playing the hunter gatherer.

Because your passwords are terrible

We are all bored of having to make and maintain so many different passwords, but in this age of complexity it really does still pay to make your password hard to guess or work out logically. For those serious shoppers that visit numerous sites, it goes without saying that you should not simply use the same one across all of them.

Do not feel guilty if you have neglected your set of passwords, human imperfection is a driving force behind tech innovation in general, and of course someone has thought of this problem before. To get a handle on your passwords you can download software to track them.

Why Black Friday is on every hacker’s hit list

Some reputable password tracker examples include Dashlane and Sticky Password Premium, both of which will do the job for free, meaning you maximise the colossal savings you are planning to make on the big day.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Because you will use Wi-Fi anywhere

Black Friday stops for no one, so while you are in the buying frenzy, you will be more likely than ever to latch on to any Wi-Fi you can to make the most of the many deals that are luring you in.

Networks have their own security and not all of them are created and maintained equally. By jumping onto any Wi-Fi network to complete the payment on that bargain, you may be taking a major risk and exposing yourself to malicious attackers.

A common attack put into action in this situation is the Man in the Middle attack, in which your activity is simply tracked and intercepted between your device and the service, allowing hackers to harvest your critical information.

Because not all websites are encrypted

Black Friday is probably the day of the year that you will surf like no other, gliding from site to site relentlessly, scouring and searching. Because of this you are likely to not look for the green lock symbol, or any other characteristics along the way,

The address bar is often the first port of call to be sure if you do decide to spare a moment and check the destination you are about to travel to. Read on to find out what a professional would advise in this situation.

Travis Smith, principal security researcher at Tripwire, said: “It is absolutely critical to make sure the website you are entering your card information into is encrypted. This can be denoted by the HTTPS and/or green lock near the address bar of the browser. Unencrypted traffic can be easily viewed by anyone watching. More importantly if a website isn’t encrypting their website in 2017, let alone their payment processing page, then they cannot be trusted to handle your credit card information properly either.”

Because you pay with your card details

Do not forget about the benefits of PayPal and other payments services, acting as a safe space for your transaction to be made. It is remarkably easy to just fire off some of your most valuable details into the ether, with young people particularly guilty of this lassaiz faire attitude.

Make sure you consider the options before falling into this trap, because it will not necessarily just be fine when you click and confirm.

Uber data breach scandal: A shocked tech industry reacts to the cover-up
AWS goes undercover with new secret datacentre for spies
CA Technologies CTO: AI is a force for good and evil in cybersecurity

“The downside that Chip & PIN has over something like PayPal or Venmo is with “card not present” transactions, for example buying a pair of shoes from Amazon. For credit/debit cards, you still need to enter in your credit card number regardless if you have a chip enabled card or not. This opens up the risk of an attacker being able to steal the credit card information while it is in transit between your computer and the online retailer.  A technology such as PayPal or Venmo, for example, will reduce the footprint of where your credit card information is processed between, thereby reducing your risk of having your credit card information stolen,” said Smith.

Because they can catch you in-store too

This is our parting tip, in this technological world; you may step outside and forget that crime and danger exists outside your front door as well.

So if you decide to brave the potentially riotous experience of actually going into a shop to make the most of Black Friday, remember that out of control trolleys and stampedes are not the only risk. The key here is using cash if you want to walk out of the shop carefree.

Smith, said: “The safest way to pay in a brick and mortar store is to use cash. It is a physical medium which requires no interaction with the internet, where cyber criminals can lurk in any corner of the world. If you are forced to use a credit/debit card for a transaction, using the Chip and PIN method of payment is much more secure than swiping the magnetic strip.”

Magnetic stripe is by far the riskiest of all the technologies due to the fact that the credit card data is processed by the terminal in memory in clear-text, as the credit card number has to be sent to the payment processor to extract funds from the account. The way magnetic stripe transactions keep your account safe is mainly due to encrypting the traffic as it is sent between merchant and payment processors.  As a customer, you have little control over protecting your account besides keeping your card number a secret.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.